Source-Changes-HG archive
[src/trunk]: src upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.b...
details: https://anonhg.NetBSD.org/src/rev/795977c983d4
branches: trunk
changeset: 511646:795977c983d4
user: itojun <itojun%NetBSD.org@localhost>
date: Sat Jun 23 19:37:38 2001 +0000
description:
upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh).
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
diffstat:
crypto/dist/ssh/auth-chall.c | 114 +--
crypto/dist/ssh/auth-rhosts.c | 9 +-
crypto/dist/ssh/auth-skey.c | 98 +++
crypto/dist/ssh/auth.c | 178 ++++++-
crypto/dist/ssh/auth.h | 45 +-
crypto/dist/ssh/auth1.c | 19 +-
crypto/dist/ssh/auth2-chall.c | 281 ++++++++-
crypto/dist/ssh/auth2.c | 251 +++-----
crypto/dist/ssh/authfd.c | 17 +-
crypto/dist/ssh/authfile.c | 39 +-
crypto/dist/ssh/canohost.c | 20 +-
crypto/dist/ssh/channels.c | 1014 +++++++++++++++++------------------
crypto/dist/ssh/channels.h | 201 ++----
crypto/dist/ssh/cipher.c | 130 +--
crypto/dist/ssh/cli.c | 10 +-
crypto/dist/ssh/clientloop.c | 155 ++---
crypto/dist/ssh/deattack.c | 12 +-
crypto/dist/ssh/dh.c | 25 +-
crypto/dist/ssh/hostfile.c | 12 +-
crypto/dist/ssh/includes.h | 7 +-
crypto/dist/ssh/kex.c | 47 +-
crypto/dist/ssh/kexdh.c | 27 +-
crypto/dist/ssh/kexgex.c | 27 +-
crypto/dist/ssh/key.c | 30 +-
crypto/dist/ssh/misc.c | 68 ++-
crypto/dist/ssh/misc.h | 28 +-
crypto/dist/ssh/nchan.h | 94 ---
crypto/dist/ssh/nchan2.ms | 1 +
crypto/dist/ssh/openssh2netbsd | 4 +-
crypto/dist/ssh/packet.c | 236 ++-----
crypto/dist/ssh/pathnames.h | 13 +-
crypto/dist/ssh/primes | 72 --
crypto/dist/ssh/primes.5 | 160 -----
crypto/dist/ssh/radix.c | 6 +-
crypto/dist/ssh/readconf.c | 24 +-
crypto/dist/ssh/readconf.h | 6 +-
crypto/dist/ssh/readpass.c | 8 +-
crypto/dist/ssh/scp.c | 37 +-
crypto/dist/ssh/servconf.c | 67 +-
crypto/dist/ssh/servconf.h | 9 +-
crypto/dist/ssh/serverloop.c | 124 +---
crypto/dist/ssh/session.c | 413 ++++++--------
crypto/dist/ssh/sftp-client.c | 30 +-
crypto/dist/ssh/sftp-glob.c | 30 +-
crypto/dist/ssh/sftp-int.c | 48 +-
crypto/dist/ssh/sftp-server.c | 147 +---
crypto/dist/ssh/sftp.1 | 22 +-
crypto/dist/ssh/sftp.c | 13 +-
crypto/dist/ssh/ssh-add.c | 23 +-
crypto/dist/ssh/ssh-agent.c | 62 +-
crypto/dist/ssh/ssh-dss.c | 59 +-
crypto/dist/ssh/ssh-keygen.1 | 10 +-
crypto/dist/ssh/ssh-keygen.c | 79 +-
crypto/dist/ssh/ssh-keyscan.1 | 12 +-
crypto/dist/ssh/ssh-keyscan.c | 71 +-
crypto/dist/ssh/ssh-rsa.c | 5 +-
crypto/dist/ssh/ssh.1 | 90 +-
crypto/dist/ssh/ssh.c | 73 +-
crypto/dist/ssh/ssh.h | 7 +-
crypto/dist/ssh/ssh1.h | 9 +-
crypto/dist/ssh/sshconnect.c | 167 +++-
crypto/dist/ssh/sshconnect1.c | 47 +-
crypto/dist/ssh/sshconnect2.c | 67 +-
crypto/dist/ssh/sshd.8 | 147 +++--
crypto/dist/ssh/sshd.c | 87 +-
crypto/dist/ssh/sshd_config | 49 +-
crypto/dist/ssh/version.h | 4 +-
distrib/sets/lists/etc/mi | 4 +-
distrib/sets/lists/etc/obsolete.mi | 3 +-
usr.bin/ssh/Makefile | 4 +-
usr.bin/ssh/sshd/Makefile | 7 +-
71 files changed, 2599 insertions(+), 2915 deletions(-)
diffs (truncated from 11434 to 300 lines):
diff -r 5dc0292926d3 -r 795977c983d4 crypto/dist/ssh/auth-chall.c
--- a/crypto/dist/ssh/auth-chall.c Sat Jun 23 19:09:44 2001 +0000
+++ b/crypto/dist/ssh/auth-chall.c Sat Jun 23 19:37:38 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-chall.c,v 1.4 2001/04/10 08:07:54 itojun Exp $ */
+/* $NetBSD: auth-chall.c,v 1.5 2001/06/23 19:37:38 itojun Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -24,82 +24,60 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $");
#include "auth.h"
#include "log.h"
+#include "xmalloc.h"
-#ifdef BSD_AUTH
+/* limited protocol v1 interface to kbd-interactive authentication */
+
+extern KbdintDevice *devices[];
+static KbdintDevice *device;
+
char *
-get_challenge(Authctxt *authctxt, char *devs)
+get_challenge(Authctxt *authctxt)
{
- char *challenge;
+ char *challenge, *name, *info, **prompts;
+ u_int i, numprompts;
+ u_int *echo_on;
- if (authctxt->as != NULL) {
- debug2("try reuse session");
- challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
- if (challenge != NULL) {
- debug2("reuse bsd auth session");
- return challenge;
- }
- auth_close(authctxt->as);
- authctxt->as = NULL;
+ device = devices[0]; /* we always use the 1st device for protocol 1 */
+ if (device == NULL)
+ return NULL;
+ if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL)
+ return NULL;
+ if (device->query(authctxt->kbdintctxt, &name, &info,
+ &numprompts, &prompts, &echo_on)) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ return NULL;
}
- debug2("new bsd auth session");
- if (devs == NULL || strlen(devs) == 0)
- devs = authctxt->style;
- debug3("bsd auth: devs %s", devs ? devs : "<default>");
- authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
- &challenge);
- if (authctxt->as == NULL)
- return NULL;
- debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
- return challenge;
+ if (numprompts < 1)
+ fatal("get_challenge: numprompts < 1");
+ challenge = xstrdup(prompts[0]);
+ for (i = 0; i < numprompts; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(name);
+ xfree(echo_on);
+ xfree(info);
+
+ return (challenge);
}
int
-verify_response(Authctxt *authctxt, char *response)
-{
- int authok;
-
- if (authctxt->as == 0)
- error("verify_response: no bsd auth session");
- authok = auth_userresponse(authctxt->as, response, 0);
- authctxt->as = NULL;
- debug("verify_response: <%s> = <%d>", response, authok);
- return authok != 0;
-}
-#else
-#ifdef SKEY
-#include <skey.h>
-
-char *
-get_challenge(Authctxt *authctxt, char *devs)
+verify_response(Authctxt *authctxt, const char *response)
{
- static char challenge[1024];
- struct skey skey;
- if (skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1)
- return NULL;
- strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
- return challenge;
-}
-int
-verify_response(Authctxt *authctxt, char *response)
-{
- return (authctxt->valid &&
- skey_haskey(authctxt->pw->pw_name) == 0 &&
- skey_passcheck(authctxt->pw->pw_name, response) != -1);
+ char *resp[1];
+ int res;
+
+ if (device == NULL)
+ return 0;
+ if (authctxt->kbdintctxt == NULL)
+ return 0;
+ resp[0] = (char *)response;
+ res = device->respond(authctxt->kbdintctxt, 1, resp);
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ return res ? 0 : 1;
}
-#else
-/* not available */
-char *
-get_challenge(Authctxt *authctxt, char *devs)
-{
- return NULL;
-}
-int
-verify_response(Authctxt *authctxt, char *response)
-{
- return 0;
-}
-#endif
-#endif
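Review bot: In get_challenge, `authctxt->kbdintctxt = device->init_ctx(authctxt)` overwrites any context left by an earlier challenge; the only releases are on query failure and inside verify_response, so a challenge that is requested but never answered leaves its context unreleased when the next one is requested. Whether a peer can request several challenges on one connection depends on the caller, which is outside this hunk, and a device whose init_ctx allocates nothing would not be affected. Releasing first makes the function safe either way: `if (authctxt->kbdintctxt != NULL) device->free_ctx(authctxt->kbdintctxt);` placed just before the init_ctx call. In verify_response, `return res ? 0 : 1;` inverts the device convention and deserves a comment such as `/* respond() returns 0 on success; this function returns 1 on success */`.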
diff -r 5dc0292926d3 -r 795977c983d4 crypto/dist/ssh/auth-rhosts.c
--- a/crypto/dist/ssh/auth-rhosts.c Sat Jun 23 19:09:44 2001 +0000
+++ b/crypto/dist/ssh/auth-rhosts.c Sat Jun 23 19:37:38 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-rhosts.c,v 1.8 2001/05/15 15:26:07 itojun Exp $ */
+/* $NetBSD: auth-rhosts.c,v 1.9 2001/06/23 19:37:38 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.23 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -29,16 +29,13 @@
/* import */
extern ServerOptions options;
-int check_rhosts_file(const char *, const char *, const char *, const char *,
- const char *);
-
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or
* /etc/hosts.equiv). This returns true if authentication can be granted
* based on the file, and returns zero otherwise.
*/
-int
+static int
check_rhosts_file(const char *filename, const char *hostname,
const char *ipaddr, const char *client_user,
const char *server_user)
diff -r 5dc0292926d3 -r 795977c983d4 crypto/dist/ssh/auth-skey.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/auth-skey.c Sat Jun 23 19:37:38 2001 +0000
@@ -0,0 +1,98 @@
+/* $NetBSD: auth-skey.c,v 1.5 2001/06/23 19:37:38 itojun Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: auth-skey.c,v 1.12 2001/05/18 14:13:28 markus Exp $");
+
+#ifdef SKEY
+
+#include <skey.h>
+
+#include "xmalloc.h"
+#include "auth.h"
+
+static void *
+skey_init_ctx(Authctxt *authctxt)
+{
+ return authctxt;
+}
+
+#define PROMPT "\nS/Key Password: "
+
+static int
+skey_query(void *ctx, char **name, char **infotxt,
+ u_int* numprompts, char ***prompts, u_int **echo_on)
+{
+ Authctxt *authctxt = ctx;
+ char challenge[1024], *p;
+ int len;
+ struct skey skey;
+
+ if (skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1)
+ return -1;
+
+ *name = xstrdup("");
+ *infotxt = xstrdup("");
+ *numprompts = 1;
+ *prompts = xmalloc(*numprompts * sizeof(char*));
+ *echo_on = xmalloc(*numprompts * sizeof(u_int));
+ (*echo_on)[0] = 0;
+
+ len = strlen(challenge) + strlen(PROMPT) + 1;
+ p = xmalloc(len);
+ p[0] = '\0';
+ strlcat(p, challenge, len);
+ strlcat(p, PROMPT, len);
+ (*prompts)[0] = p;
+
+ return 0;
+}
+
+static int
+skey_respond(void *ctx, u_int numresponses, char **responses)
+{
+ Authctxt *authctxt = ctx;
+
+ if (authctxt->valid &&
+ numresponses == 1 &&
+ skey_haskey(authctxt->pw->pw_name) == 0 &&
+ skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
+ return 0;
+ return -1;
+}
+
+static void
+skey_free_ctx(void *ctx)
+{
+ /* we don't have a special context */
+}
+
+KbdintDevice skey_device = {
+ "skey",
+ skey_init_ctx,
+ skey_query,
+ skey_respond,
+ skey_free_ctx
+};
+#endif /* SKEY */
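Review bot: skey_query never consults `authctxt->valid` and returns -1 as soon as skeychallenge() fails for `authctxt->user`, whereas skey_respond does gate on `authctxt->valid`; so whether a challenge is issued depends on whether the requested name has an S/Key entry. If the caller reports that failure to the peer differently from a normal challenge, the reply discloses which accounts have S/Key configured; the caller's handling is not visible in this file and should be checked. At minimum the early return should carry a comment such as `/* no S/Key entry for this name: the failure goes to the caller, which decides what the peer sees */`. Separately, `int len` holds a sum of strlen() results and is passed to xmalloc and strlcat; `size_t len` matches those uses.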
diff -r 5dc0292926d3 -r 795977c983d4 crypto/dist/ssh/auth.c
--- a/crypto/dist/ssh/auth.c Sat Jun 23 19:09:44 2001 +0000
+++ b/crypto/dist/ssh/auth.c Sat Jun 23 19:37:38 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth.c,v 1.6 2001/06/23 08:08:04 itojun Exp $ */
+/* $NetBSD: auth.c,v 1.7 2001/06/23 19:37:38 itojun Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -24,7 +24,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.21 2001/03/19 17:07:23 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.24 2001/06/23 00:20:57 markus Exp $");
+
+#include <libgen.h>
#include "xmalloc.h"
#include "match.h"
@@ -34,6 +36,10 @@
#include "auth.h"
#include "auth-options.h"
#include "canohost.h"
+#include "buffer.h"